A CPS enrollment is the collection of settings for:

  • One or more active and pending X509 certificates.
  • A reference to the key pairs for all X509 certificates.
  • How SSL connections using this certificate collection managed by Akamai.
  • Information regarding contact information used in making validation requests.

A CPS enrollment is the most fundamental and definitive concept. It behaves as a core container for all the operations that clients can perform within CPS.

CPS is a certificate life cycle management tool and a CPS enrollment is the agent in this tool that allows users display all the information about the process that certificate goes through from the time it was requested, through renewal or removal. Once you obtain a certificate, you can‚ÄĒbut not necessarily have to‚ÄĒuse it until it expires, in most cases a year from the date the CA issued the certificate. That being said, you can start a renewal process whenever you want given CPS timeline allows it, i.e. not too close to expiration, already a renewal in process etc.

When expiration date of an active Akamai managed certificate in an enrollment approaches, CPS automatically starts the renewal process for users' convenience in order to prevent Denial of Service (DoS) due to expired certificates. Start date of auto-renewal for an about-to-expire certificate depends on the validation type:

  • EV: 90 days before expiration
  • OV: 60 days before expiration
  • DV: 20 days before expiration

When an auto-renewal operation starts, CPS then automatically deploys the renewed certificate when it receives it from the CA, unless a scheduled deployment date is set to specify a particular target time and date.